E-book
Author Luttgens, Jason T

Title Incident response & computer forensics / Jason T. Luttgens, Matthew Pepe
Edition 3rd ed
Published New York : McGraw-Hill Education, ©2014

Description 1 online resource (1 volume) : illustrations
Contents Cover -- Title Page -- Copyright Page -- About the Authors -- About the Contributors -- About the Technical Editor -- Contents -- Foreword -- Acknowledgments -- Introduction -- Part I: Preparing for the Inevitable Incident -- Chapter 1: Real-World Incidents -- What Constitutes an Incident? -- What Is Incident Response? -- Where We Are Now -- Why Should You Care About Incident Response? -- Case Studies -- Case Study #1: Show Me the Money -- Case Study #2: Certificate of Authenticity -- Concept of the Attack Lifecycle -- So What? -- Questions -- Chapter 2: IR Management Handbook
What Is a Computer Security Incident? -- What Are the Goals of Incident Response? -- Who Is Involved in the IR Process? -- Finding IR Talent -- The Incident Response Process -- Initial Response -- Investigation -- Remediation -- Tracking of Significant Investigative Information -- Reporting -- So What? -- Questions -- Chapter 3: Pre-Incident Preparation -- Preparing the Organization for Incident Response -- Identifying Risk -- Policies That Promote a Successful IR -- Working with Outsourced IT -- Thoughts on Global Infrastructure Issues -- Educating Users on Host-Based Security
Preparing the IR Team -- Defining the Mission -- Communication Procedures -- Deliverables -- Resources for the IR Team -- Preparing the Infrastructure for Incident Response -- Computing Device Configuration -- Network Configuration -- So What? -- Questions -- Part II: Incident Detection and Characterization -- Chapter 4: Getting the Investigation Started on the Right Foot -- Collecting Initial Facts -- Checklists -- Maintenance of Case Notes -- Building an Attack Timeline -- Understanding Investigative Priorities -- What Are Elements of Proof? -- Setting Expectations with Management -- So What?
Questions -- Chapter 5: Initial Development of Leads -- Defining Leads of Value -- Acting on Leads -- Turning Leads into Indicators -- The Lifecycle of Indicator Generation -- Resolving Internal Leads -- Resolving External Leads -- So What? -- Questions -- Chapter 6: Discovering the Scope of the Incident -- What Should I Do? -- Examining Initial Data -- Gathering and Reviewing Preliminary Evidence -- Determining a Course of Action -- Customer Data Loss Scenario -- Customer Data Loss-Scoping Gone Wrong -- Automated Clearing House (ACH) Fraud Scenario -- ACH Fraud-Scoping Gone Wrong -- So What?
Questions -- Part III: Data Collection -- Chapter 7: Live Data Collection -- When to Perform a Live Response -- Selecting a Live Response Tool -- What to Collect -- Collection Best Practices -- Live Data Collection on Microsoft Windows Systems -- Prebuilt Toolkits -- Do It Yourself -- Memory Collection -- Live Data Collection on Unix-Based Systems -- Live Response Toolkits -- Memory Collection -- So What? -- Questions -- Chapter 8: Forensic Duplication -- Forensic Image Formats -- Complete Disk Image -- Partition Image -- Logical Image -- Image Integrity -- Traditional Duplication
Summary Annotation The definitive guide to incident response, updated for the first time in a decade! Thoroughly revised to cover the latest and most effective tools and techniques, Incident Response & Computer Forensics, Third Edition arms you with the information you need to get your organization out of trouble when data breaches occur. This practical resource covers the entire lifecycle of incident response, including preparation, data collection, data analysis, and remediation. Real-world case studies reveal the methods behind, and remediation strategies for, today's most insidious attacks.
Architect an infrastructure that allows for methodical investigation and remediation
Develop leads, identify indicators of compromise, and determine incident scope
Collect and preserve live data
Perform forensic duplication
Analyze data from networks, enterprise services, and applications
Investigate Windows and Mac OS X systems
Perform malware triage
Write detailed incident response reports
Create and implement comprehensive remediation plans
Notes Includes index
Online resource; title from title page (Safari, viewed October 29, 2014)
Subject Computer security
Computer crimes -- Investigation
Form Electronic book
Author Pepe, Matthew
ISBN 9780071798693
0071798692
0071798684
9780071798686
Other Titles Incident response and computer forensics